package parity.coop;

import io.confluent.kafka.test.utils.KafkaTestUtils;
import io.confluent.rbacapi.app.CCRbac;
import io.confluent.rbacapi.app.CCRbacConfig;
import io.confluent.rbacapi.box.CCRbacInABox;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.rbacapi.services.CloudFeatureConfigurationService;
import io.confluent.rbacapi.services.FeatureConfigurationService;
import io.confluent.rbacapi.validation.v2.V2ValidMdsScope;
import io.confluent.security.audit.provider.ConfluentAuditLogProvider;
import io.confluent.security.auth.metadata.AuthCache;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.net.ConnectException;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import kafka.server.KafkaServer;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.clients.admin.NewTopic;
import org.apache.kafka.clients.admin.TopicDescription;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.network.ListenerName;
import org.awaitility.Awaitility;
import org.awaitility.core.ConditionFactory;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterSuite;
import org.testng.annotations.BeforeSuite;
import org.testng.annotations.Optional;
import org.testng.annotations.Parameters;
import retrofit2.Response;
import utils.ControlPlaneMDSCluster;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;
import utils.PostgresDbTestBed;

/* loaded from: input_file:parity/coop/ParitySuite.class */
public class ParitySuite {
    public static final String DEFAULT_PARITY_BACKEND = "box";
    public static final String DEFAULT_PARITY_MDS_PORT = "8050";
    public static final String DEFAULT_PARITY_LDAP_PORT = "7389";
    public static final String U_BROKER_SUPER_USER = "mds";
    public static final String U_FLOW_SERVICE_ADMIN = "flowserviceadmin";
    public static final String U_CDX_SERVICE_ADMIN = "cdxshareserviceadmin";
    private LdapServer ldapServer;
    private RbacClusters rbacClusters;
    private RbacClusters auditLogCluster;
    private ControlPlaneMDSCluster cloudMDSCluster;
    private PostgresDbTestBed postgresDbTestBed;
    private List<ConfluentAuditLogProvider> auditLogProviders;
    private Thread ccRbacThread;
    private CCRbac ccRbac;
    private static KafkaTestUtils.ClientBuilder clientBuilder;
    private static final MdsScope ROOT_SCOPE = MdsScope.of(Scope.ROOT_SCOPE);
    private static final int DEFAULT_KAFKA_LISTENER_PORT_BASE = -1;
    private static int actualMdsPort = DEFAULT_KAFKA_LISTENER_PORT_BASE;
    private static int actualLdapPort = DEFAULT_KAFKA_LISTENER_PORT_BASE;
    private static volatile boolean started = false;
    private static FeatureConfigurationService featureConfigurationService = (FeatureConfigurationService) Mockito.mock(CloudFeatureConfigurationService.class);

    public static void startIfNeeded() throws Exception {
        if (started) {
            return;
        }
        System.out.println("\nNOTE : Parity Test being run w/out Suite, starting suite with box based backend.\n");
        new ParitySuite().suiteSetup(DEFAULT_PARITY_BACKEND, DEFAULT_PARITY_MDS_PORT, DEFAULT_PARITY_LDAP_PORT);
    }

    public static int getActualLdapPort() {
        if (started) {
            return actualLdapPort;
        }
        System.out.println("ERROR test asking for LdapPort before it is ready");
        return DEFAULT_KAFKA_LISTENER_PORT_BASE;
    }

    public static int getActualMdsPort() {
        if (started) {
            return actualMdsPort;
        }
        System.out.println("ERROR test asking for MDSPort before it is ready");
        return DEFAULT_KAFKA_LISTENER_PORT_BASE;
    }

    @Parameters({"backend", "mdsPort", "ldapPort"})
    @BeforeSuite
    public void suiteSetup(@Optional("box") String str, @Optional("8050") String str2, @Optional("7389") String str3) throws Exception {
        V2RbacRestApi build;
        Assert.assertFalse(started, "ERROR parity suite being started twice.");
        started = true;
        configureFeatureService();
        int parseInt = Integer.parseInt(str2);
        actualLdapPort = startLdap(Integer.parseInt(str3));
        new ExampleComLdapCrud(actualLdapPort).createUsers(new String[]{"mds", U_FLOW_SERVICE_ADMIN, U_CDX_SERVICE_ADMIN});
        int startKafkaAuditLogCluster = startKafkaAuditLogCluster();
        if (DEFAULT_PARITY_BACKEND.equals(str)) {
            System.out.println("starting db");
            this.postgresDbTestBed = new PostgresDbTestBed();
            this.postgresDbTestBed.setupDBAndForcePort5432();
            System.out.println("db started");
            System.out.println("starting cc-rbac");
            Properties properties = CCRbacInABox.setupTestConfig(false, true, this.postgresDbTestBed.getDbUrl(), parseInt, actualLdapPort, startKafkaAuditLogCluster);
            System.out.println(properties);
            this.ccRbac = new CCRbac(featureConfigurationService);
            this.ccRbacThread = new Thread(() -> {
                try {
                    this.ccRbac.run(new CCRbacConfig(properties));
                } catch (Exception e) {
                    System.out.println("ccRbac.run exited");
                    System.out.println(e);
                }
            });
            this.ccRbacThread.start();
            System.out.println("cc-rbac started");
            Awaitility.await().atMost(5L, TimeUnit.SECONDS).until(() -> {
                return Boolean.valueOf(this.ccRbac.embeddedAuthorizer != null);
            });
            Awaitility.await().atMost(15L, TimeUnit.SECONDS).until(() -> {
                return Boolean.valueOf(this.ccRbac.getCCRbacPort() != DEFAULT_KAFKA_LISTENER_PORT_BASE);
            });
            this.auditLogProviders = Collections.singletonList(this.ccRbac.embeddedAuthorizer.auditLogProvider());
            V2ValidMdsScope.MdsScopeValidator.setCloudCheck(true);
            actualMdsPort = this.ccRbac.getCCRbacPort();
            build = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, U_FLOW_SERVICE_ADMIN);
        } else {
            if ("db".equals(str)) {
                this.postgresDbTestBed = new PostgresDbTestBed();
                this.postgresDbTestBed.setupDb();
                RbacClusters.Config cloudLdap = KafkaConfigTool.cloudLdap(actualLdapPort, parseInt, "mds", "CC_V2_TRANSITIONAL", DEFAULT_KAFKA_LISTENER_PORT_BASE, startKafkaAuditLogCluster);
                KafkaConfigTool.turnOnAuditLogs(cloudLdap);
                KafkaConfigTool.applyCloudDbConfig(cloudLdap, this.postgresDbTestBed);
                this.cloudMDSCluster = new ControlPlaneMDSCluster(cloudLdap);
                actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.cloudMDSCluster);
                this.auditLogProviders = (List) this.cloudMDSCluster.metadataCluster.brokers().stream().map(kafkaServer -> {
                    return kafkaServer.auditLogProvider();
                }).collect(Collectors.toList());
                V2ValidMdsScope.MdsScopeValidator.setCloudCheck(true);
            } else {
                if (!"topic".equals(str)) {
                    throw new IllegalStateException("Unknown backend type : " + str);
                }
                RbacClusters.Config cloudLdap2 = KafkaConfigTool.cloudLdap(actualLdapPort, parseInt, "mds", "CC_V2_TRANSITIONAL", DEFAULT_KAFKA_LISTENER_PORT_BASE, startKafkaAuditLogCluster);
                KafkaConfigTool.turnOnAuditLogs(cloudLdap2);
                this.rbacClusters = new RbacClusters(cloudLdap2);
                actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
                this.auditLogProviders = (List) this.rbacClusters.metadataCluster.brokers().stream().map(kafkaServer2 -> {
                    return kafkaServer2.auditLogProvider();
                }).collect(Collectors.toList());
                V2ValidMdsScope.MdsScopeValidator.setCloudCheck(false);
            }
            build = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "mds");
            Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(() -> {
                return Boolean.valueOf(build.getRoleNames().execute().isSuccessful());
            });
            if ("topic".equals(str)) {
                Assert.assertTrue(build.addClusterRoleForPrincipal("User:flowserviceadmin", "CCloudRoleBindingAdmin", ROOT_SCOPE).execute().isSuccessful(), "Problem granting initial role to flowserviceadmin for Topic backed v2 Cloud MDS");
            }
        }
        this.auditLogProviders.forEach(confluentAuditLogProvider -> {
            ConditionFactory atMost = Awaitility.await().atMost(5L, TimeUnit.SECONDS);
            confluentAuditLogProvider.getClass();
            atMost.until(confluentAuditLogProvider::isEventLoggerReady);
        });
        Response execute = build.healthcheck().execute();
        Assert.assertTrue(execute.isSuccessful(), "Problem during healthcheck call");
        Assert.assertTrue(((AuthCache.Result) execute.body()).isHealthy(), "AuthStore is not healthy");
        V2RbacRestApi v2RbacRestApi = build;
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(() -> {
            return Boolean.valueOf(v2RbacRestApi.getRoleNames().execute().isSuccessful());
        });
    }

    private int startLdap(int i) {
        LdapServer.LdapServerConfig ldapServerConfig = new LdapServer.LdapServerConfig();
        ldapServerConfig.port = i;
        ldapServerConfig.ldifClasspathFile = "/wedgeNoUsers.ldif";
        this.ldapServer = new LdapServer(ldapServerConfig).start();
        return this.ldapServer.actualPort();
    }

    private int startKafkaAuditLogCluster() throws Exception {
        RbacClusters.Config noAuth = KafkaConfigTool.noAuth("mds");
        KafkaConfigTool.turnOnAuditLogs(noAuth);
        this.auditLogCluster = new RbacClusters(noAuth);
        int boundPort = ((KafkaServer) this.auditLogCluster.metadataCluster.brokers().get(0)).boundPort(new ListenerName("EXTERNAL"));
        clientBuilder = this.auditLogCluster.mdsClientBuilder("mds");
        AdminClient buildAdminClient = clientBuilder.buildAdminClient();
        try {
            ((TopicDescription) ((KafkaFuture) buildAdminClient.describeTopics(Collections.singleton("confluent-audit-log-events")).values().get("confluent-audit-log-events")).get()).name();
        } catch (RuntimeException e) {
            buildAdminClient.createTopics(Collections.singleton(new NewTopic("confluent-audit-log-events", 1, (short) 1))).all().get();
        }
        return boundPort;
    }

    @AfterSuite
    public void teardownClass() {
        if (this.ldapServer != null) {
            this.ldapServer.stop();
        }
        if (this.cloudMDSCluster != null) {
            this.cloudMDSCluster.shutdown();
        }
        if (this.postgresDbTestBed != null) {
            this.postgresDbTestBed.teardownDb();
        }
        if (this.rbacClusters != null) {
            this.rbacClusters.shutdown();
        }
        if (this.auditLogCluster != null) {
            this.auditLogCluster.shutdown();
        }
        if (this.ccRbac != null) {
            this.ccRbac.close();
            try {
                System.out.println("Waiting for ccRbacThread");
                this.ccRbacThread.join(5000L);
            } catch (InterruptedException e) {
            }
            if (this.ccRbacThread.isAlive()) {
                System.out.println("Interrupting ccRbacThread");
                this.ccRbacThread.interrupt();
            }
        }
        actualLdapPort = DEFAULT_KAFKA_LISTENER_PORT_BASE;
        MdsTestUtil.releasePort(actualMdsPort);
        started = false;
    }

    public static KafkaTestUtils.ClientBuilder getClientBuilder() {
        return clientBuilder;
    }

    public static FeatureConfigurationService getFeatureConfigurationService() {
        return featureConfigurationService;
    }

    private void configureFeatureService() {
        ((FeatureConfigurationService) Mockito.doReturn(false).when(featureConfigurationService)).isRbacLimitsEnable();
        ((FeatureConfigurationService) Mockito.doReturn(1000).when(featureConfigurationService)).organizationRoleBindingLimit(ArgumentMatchers.anyString());
        ((FeatureConfigurationService) Mockito.doReturn(1000).when(getFeatureConfigurationService())).orgEnvRoleBindingLimits(ArgumentMatchers.anyString());
        ((FeatureConfigurationService) Mockito.doReturn(500).when(getFeatureConfigurationService())).cloudClusterRoleBindingLimits(ArgumentMatchers.anyString());
    }
}
